Posted to notifications@logging.apache.org by "Pascal Koeiman (Jira)" <ji...@apache.org> on 2022/06/10 10:48:00 UTC

[jira] [Created] (LOG4J2-3535) Certain strings passed into StrSubstitutor can cause "infinite loop in property interpolation"

Pascal Koeiman created LOG4J2-3535:
--------------------------------------

             Summary: Certain strings passed into StrSubstitutor can cause "infinite loop in property interpolation"
                 Key: LOG4J2-3535
                 URL: https://issues.apache.org/jira/browse/LOG4J2-3535
             Project: Log4j 2
          Issue Type: Bug
          Components: Core
    Affects Versions: 2.17.2
            Reporter: Pascal Koeiman
         Attachments: Crash_e4372c5ba2ed2cdbd5d87cfd541a5bcae60fb274.java, crash-e4372c5ba2ed2cdbd5d87cfd541a5bcae60fb274, hhsJazzer.jar

I believe this is a similar issue to what's listed here, although there it is deemed fixed in 2.17.0: https://issues.apache.org/jira/browse/LOG4J2-3230

Using Code Intelligence's fuzz testing tool ([Jazzer|https://github.com/CodeIntelligenceTesting/jazzer]), the exception was found by having the tool pass in generated strings to the *replace* method of the *StrSubstitutor* class. See also the message below:

{{== Java Exception: java.lang.IllegalStateException: Infinite loop in property interpolation of ${k:-$}ߤ\{${$k:-${$k}߀��$}����:$����$}����-: $k
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.checkCyclicSubstitution(StrSubstitutor.java:1087)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:1034)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:1047)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.substitute(StrSubstitutor.java:912)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:467)
        at org.apache.logging.log4j.core.lookup.StrSubstitutor.replace(StrSubstitutor.java:451)
        at Log4jFuzzer.fuzzerTestOneInput(Log4jFuzzer.java:16)}}
